package jdbc;

import java.sql.*;
import java.util.Scanner;

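public class JdbcLogin2 {
    /*
    Login using a precompiled (prepared) SQL statement, which prevents SQL injection.
    1. The parameterised SQL is sent to the database first, so it can parse the statement's
       intent and build an execution plan:
       select nickname from userinfo where username =? and password=?
    2. The values for each ? are then supplied separately as parameters; they are passed
       as data and are never spliced into the SQL text.
     */
    public static void main(String[] args) {
        // Parameter markers keep user input out of the SQL text; the driver sends it as data.
        String sql = "SELECT nickname from userinfo where username = ? and password = ?";
        // Connection and PreparedStatement are both AutoCloseable: try-with-resources releases
        // them on every path (the original also created an unused Statement that was never closed).
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(sql)) {
            Scanner scanner = new Scanner(System.in);
            System.out.println("用户名字");
            String username = scanner.nextLine();
            System.out.println("用户密码");
            // Scanner echoes the password on the terminal; System.console().readPassword()
            // avoids that, but Console is null under many IDEs, so the demo keeps Scanner.
            String password = scanner.nextLine();
            // Bind the ? values (1-based positions).
            ps.setString(1, username);
            // NOTE(review): the query compares the raw password with the stored column, i.e. it
            // relies on plaintext password storage. A real login should store a salted password
            // hash (bcrypt/scrypt/argon2) and verify it in application code instead.
            ps.setString(2, password);
            // Execute the precompiled statement; the ResultSet is closed when this inner try ends.
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    // A matching row exists: read the nickname for the greeting below.
                    String nickname = rs.getString("nickname");
                    System.out.println("欢迎您" + nickname);
                } else {
                    // No row matched: deliberately the same message for a bad user name and a
                    // bad password, so the prompt does not reveal which accounts exist.
                    System.out.println("用户名或密码错误");
                }
            }
        } catch (SQLException e) {
            // Preserve the cause so the driver's diagnostics survive the wrap.
            throw new RuntimeException(e);
        }
    }

}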
